Apparatus and method for profile installation in communication system

ABSTRACT

The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of providing a profile package by a profile server and the profile server includes generating a profile package, dividing the profile package in a unit installable in a UICC of an electronic device, reconfiguring the divided profile information in an encryptable unit, and transmitting the reconfigured profile information to the electronic device. Further, provided is an operating method and apparatus of an electronic device communicating with the profile server.

CROSS-REFERENCE TO RELATED APPLICATION(S) AND CLAIM OF PRIORITY

The present application is related to and claims priority from and thebenefit under 35 U.S.C. § 119(a) of U.S. Patent Application No.62/080,910, filed on Nov. 17, 2014, which is hereby incorporated byreference for all purposes as if fully set forth herein.

TECHNICAL FIELD

The present disclosure relates to a method and apparatus for selecting acommunication service to perform communication connection by a UserEquipment (UE) in a communication system.

BACKGROUND

To meet the demand for wireless data traffic having increased sincedeployment of 4G communication systems, efforts have been made todevelop an improved 5G or pre-5G communication system. Therefore, the 5Gor pre-5G communication system is also called a ‘Beyond 4G Network’ or a‘Post LTE System’. The 5G communication system is considered to beimplemented in higher frequency (mmWave) bands, e.g., 60 GHz bands, soas to accomplish higher data rates. To decrease propagation loss of theradio waves and increase the transmission distance, the beamforming,massive multiple-input multiple-output (MIMO), Full Dimensional MIMO(FD-MIMO), array antenna, an analog beam forming, large scale antennatechniques are discussed in 5G communication systems. In addition, in 5Gcommunication systems, development for system network improvement isunder way based on advanced small cells, cloud Radio Access Networks(RANs), ultra-dense networks, device-to-device (D2D) communication,wireless backhaul, moving network, cooperative communication,Coordinated Multi-Points (CoMP), reception-end interference cancellationand the like. In the 5G system, Hybrid FSK and QAM Modulation (FQAM) andsliding window superposition coding (SWSC) as an advanced codingmodulation (ACM), and filter bank multi carrier (FBMC), non-orthogonalmultiple access (NOMA), and sparse code multiple access (SCMA) as anadvanced access technology have been developed.

The Internet, which is a human centered connectivity network wherehumans generate and consume information, is now evolving to the Internetof Things (IoT) where distributed entities, such as things, exchange andprocess information without human intervention. The Internet ofEverything (IoE), which is a combination of the IoT technology and theBig Data processing technology through connection with a cloud server,has emerged. As technology elements, such as “sensing technology”,“wired/wireless communication and network infrastructure”, “serviceinterface technology”, and “Security technology” have been demanded forIoT implementation, a sensor network, a Machine-to-Machine (M2M)communication, Machine Type Communication (MTC), and so forth have beenrecently researched. Such an IoT environment may provide intelligentInternet technology services that create a new value to human life bycollecting and analyzing data generated among connected things. IoT maybe applied to a variety of fields including smart home, smart building,smart city, smart car or connected cars, smart grid, health care, smartappliances and advanced medical services through convergence andcombination between existing Information Technology (IT) and variousindustrial applications.

In line with this, various attempts have been made to apply 5Gcommunication systems to IoT networks. For example, technologies such asa sensor network, Machine Type Communication (MTC), andMachine-to-Machine (M2M) communication may be implemented bybeamforming, MIMO, and array antennas. Application of a cloud RadioAccess Network (RAN) as the above-described Big Data processingtechnology may also be considered to be as an example of convergencebetween the 5G technology and the IoT technology.

A Universal Integrated Circuit Card (UICC) corresponds to a smart cardused while being inserted into a mobile communication UE, etc., is alsoreferred to as a UICC card. The UICC may include an access controlmodule for access to a network of a mobile communication provider.Examples of the access control module include a Universal SubscriberIdentity Module (USIM), a Subscriber Identity Module (SIM), an IPmultimedia Service Identity Module (ISIM), etc. The UICC including theUSIM may be generally called a USIM card. Likewise, the UICC includingthe SIM module may be generally called a SIM card. In the followingdescription of the present disclosure, the SIM card will be used as ageneral meaning including a UICC card, a USIM card, a UICC including anISIM, etc. That is, when the SIM card is mentioned, the technology canbe identically applied to the USIM card, the ISIM card or a general UICCcard.

The SIM card stores private information of a mobile communicationsubscriber, and authenticates the subscriber and creates a trafficsecurity key when the subscriber accesses a mobile communicationnetwork, thereby making it possible to safely use the mobilecommunication.

In a proposal of the present disclosure, the SIM card is generallymanufactured as a dedicated card for a specific mobile communicationprovider in response to a request of the corresponding provider, and isreleased while authentication information for network access of thecorresponding provider, e.g., a USIM application, an InternationalMobile Subscriber Identity (IMSI), a k value, an OPc value, etc., isstored therein in advance. Thus, the corresponding mobile communicationservice provider receives a delivery of the manufactured SIM card toprovide the same to the subscriber, and thereafter performs themanagement, such as installation, modification, deletion, and the like,of an application in the UICC using technologies such as Over The Air(OTA), etc. when necessary. The subscriber may insert the UICC card intohis/her mobile communication UE to use the network and applicationservices of the corresponding mobile communication service provider, andwhen replacing the UE, the subscriber may move and insert the UICC cardfrom the existing UE to a new UE to use the authentication information,the mobile communication phone numbers, the personal telephone numberlist, and the like, which are stored in the UICC card, in the new UE asthey are.

However, it is inconvenient for the SIM card to allow a mobilecommunication UE user to receive a service of another mobilecommunication provider. There is inconvenience in that the mobilecommunication UE user should physically acquire the SIM card in order toreceive a service from the mobile communication provider. For example,there is inconvenience in that when travelling to other countries, themobile communication UE user should acquire a local SIM card in order toreceive a local mobile communication service. A roaming service cansolve the inconvenience to some degree, but a fee thereof is expensive.Further, when a contract between communication providers is notestablished, it is impossible to receive a service.

Meanwhile, when the SIM module is remotely downloaded to and installedin the UICC card, it is possible to solve such inconvenienceconsiderably. That is, a user can download a SIM module corresponding toa mobile communication service to the UICC card when necessary. Further,such a UICC card can download and install a plurality of SIM modules,and only one SIM module from among them can be selected and used. Such aUICC card may fix the SIM module to a UE or may not fix the SIM moduleto the UE. In particular, the UICC, which is used while being fixed tothe UE, is called an embedded UICC (eUICC). In general, the eUICCimplies a UICC card which is used while being fixed to the UE and canremotely download and select the SIM module. In the present disclosure,the UICC card, which can remotely download and select the SIM module, iscommonly called the eUICC. That is, the UICC card, which is fixed to oris not fixed to the UE, from among UICC cards which can remotelydownload and select the SIM module, is commonly called the eUICC.Further, information on the downloaded SIM module is used as a termcalled an eUICC profile.

SUMMARY

To address the above-discussed deficiencies, it is a primary object toprovide an apparatus and method for receiving a service of a mobilecommunication provider by a user of a UE in a wireless communicationsystem.

A UE in a wireless communication system according to an embodiment ofthe present disclosure includes a reception unit for receiving a profilefrom a profile management server, a display unit for displaying thecommunication service information, and a controller for receiving theprofile to be connected to a communication service.

A server for providing a profile in a wireless communication systemaccording to an embodiment of the present disclosure includes acontroller for generating and encrypting a profile, and a transmissionunit for transmitting the encrypted profile to a server for managing aprofile.

A server for managing a profile in a wireless communication systemaccording to an embodiment of the present disclosure includes areception unit for receiving an encrypted profile from a server forproviding a profile, and a transmission unit for performing transfer toa UE using the eUICC.

A method of a UE in a wireless communication system according to anembodiment of the present disclosure includes receiving a profile from aprofile management server, displaying the communication serviceinformation, and receiving the profile to be connected to acommunication service.

A method of providing a profile of a server in a wireless communicationsystem according to an embodiment of the present disclosure includesgenerating and encrypting a profile, and transmitting the encrypted andgenerated profile to a server for managing a profile.

A method of managing a profile of a server for managing a profile in awireless communication system according to an embodiment of the presentdisclosure includes receiving an encrypted profile from a server forproviding a profile, and performing transfer to a UE using the eUICC.

Further, in accordance with an embodiment of the present disclosure, amethod of providing a profile package by a profile server is provided.The method includes generating a profile package; dividing the profilepackage into a unit installable in a UICC of an electronic device,reconfiguring the divided profile information in an encryptable unit;and transmitting the reconfigured profile information to the electronicdevice.

Further, in accordance with an embodiment of the present disclosure, aprofile server for providing a profile package is provided. The profilepackage includes a transmission/reception unit that transmits/receives asignal, and a controller that generates a profile package, divides theprofile package in a unit installable in a UICC of an electronic device,reconfigures the divided profile information in an encryptable unit, andtransmits the reconfigured profile information to the electronic device.

Further, in accordance with an embodiment of the present disclosure, amethod of downloading a profile package by an electronic device isprovided. The method includes receiving, from a profile server, firstprofile information in an encryptable unit, which constitutes a profilepackage; transmitting the first profile information in an encryptableunit to a UICC of the electronic device; decoding the first profileinformation in an encryptable unit, which has been transmitted to theUICC, acquiring first profile information in an installable unit fromthe decoded profile information; and installing the acquired firstprofile information in an installable unit.

Further, in accordance with an embodiment of the present disclosure, anelectronic device for downloading a profile package is provided. Theelectronic device includes: a communication unit that transmits/receivesa signal, a UICC that downloads and installs a profile; and a controllerthat makes a control to receive, from a profile server, first profileinformation in an encryptable unit, which constitutes a profile package,and transmit the first profile information in an encryptable unit to aUICC of the electronic device, wherein the UICC decodes the firstprofile information in an encryptable unit, which has been transmittedto the UICC, acquires first profile information in an installable unitfrom the decoded profile information, and installs the acquired firstprofile information in an installable unit.

The technical problems to be achieved in the present disclosure are notlimited to the above-mentioned technical problems, and othernot-mentioned technical problems on the basis of the followingdescription could be easily understood by those skilled in the art towhich the present disclosure pertains.

In accordance with the present disclosure, in a wireless communicationsystem, a profile, by which a communication service can be used, may beautomatically installed in a mobile communication UE.

Before undertaking the DETAILED DESCRIPTION below, it may beadvantageous to set forth definitions of certain words and phrases usedthroughout this patent document: the terms “include” and “comprise,” aswell as derivatives thereof, mean inclusion without limitation; the term“or,” is inclusive, meaning and/or; the phrases “associated with” and“associated therewith,” as well as derivatives thereof, may mean toinclude, be included within, interconnect with, contain, be containedwithin, connect to or with, couple to or with, be communicable with,cooperate with, interleave, juxtapose, be proximate to, be bound to orwith, have, have a property of, or the like; and the term “controller”or “processor” means any device, system or part thereof that controls atleast one operation, such a device may be implemented in hardware,firmware or software, or some combination of at least two of the same.It should be noted that the functionality associated with any particularcontroller may be centralized or distributed, whether locally orremotely. Definitions for certain words and phrases are providedthroughout this patent document, those of ordinary skill in the artshould understand that in many, if not most instances, such definitionsapply to prior, as well as future uses of such defined words andphrases.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present disclosure and itsadvantages, reference is now made to the following description taken inconjunction with the accompanying drawings, in which like referencenumerals represent like parts:

FIG. 1 schematically illustrates a connection method of a mobilecommunication network by a detachable UICC that can be inserted into anddetached from a UE and a connection method of a mobile communicationnetwork by an embedded UICC (eUICC) embedded in a UE;

FIG. 2 is a signal flow diagram illustrating a process of installing aprofile in a wireless communication network according to an embodimentof the present disclosure;

FIG. 3 illustrates a process of transmitting a profile package accordingto an embodiment of the present disclosure;

FIG. 4 illustrates a method of dividing and transmitting a profilepackage according to an embodiment of the present disclosure;

FIG. 5 illustrates a method of transmitting divided profile packagesaccording to an embodiment of the present disclosure;

FIG. 6 illustrates a process of generating and encrypting a profilepackage according to an embodiment of the present disclosure;

FIG. 7 is a flowchart illustrating a method of transmitting andinstalling a profile package according to an embodiment of the presentdisclosure;

FIG. 8 illustrates a method of activating a profile after selecting theprofile and a file structure of the profile;

FIG. 9 illustrates an AKA authentication process for performingauthentication of a USIM within an eSIM profile;

FIGS. 10 to 13 illustrate an operation of transmitting profileinformation according to an additional embodiment of the presentdisclosure;

FIG. 14 is a signal flow diagram illustrating a process of transmittingand installing an eUICC profile according to an embodiment of thepresent disclosure;

FIG. 15 is a signal flow diagram illustrating a process of transmittingand installing an eUICC profile according to another embodiment of thepresent disclosure;

FIGS. 16A and 16B illustrate a process of transmitting and installing aneUICC profile according to another embodiment of the present disclosure;

FIG. 17 illustrates a profile server according to an embodiment of thepresent disclosure; and

FIG. 18 illustrates a UE according to an embodiment of the presentdisclosure.

DETAILED DESCRIPTION

FIGS. 1 through 18, discussed below, and the various embodiments used todescribe the principles of the present disclosure in this patentdocument are by way of illustration only and should not be construed inany way to limit the scope of the disclosure. Those skilled in the artwill understand that the principles of the present disclosure can beimplemented in any suitably arranged telecommunication technologies.Hereinafter, an embodiment of the present disclosure will be describedin detail with reference to the accompanying drawings.

In describing embodiments, descriptions of technical features which arewidely known in the technical field to which the present disclosurepertains and are not directly related to the present disclosure will beomitted. This is for more clearly describing the subject matter of thepresent disclosure without obfuscation by omitting unnecessarydescription.

Specific terms used in the following description are provided to helpunderstanding of the present disclosure, and can be changed to variousforms without departing from the technical spirit of the presentdisclosure.

Further, terms in the present specification will be defined.

In the present specification, the UICC, which is a smart card used whilebeing inserted into a mobile communication UE, implies a chip whichstores private information of a mobile communication subscriber, such asnetwork access authentication information, a phone number, and a ShortMessage Service (SMS), and performs subscriber authentication andtraffic security key generation when accessing a mobile communicationnetwork such as Global System for Mobile communications (GSM), WidebandCode Division Multiple Access (WCDMA), and Long Term Evolution (LTE),etc., thereby enabling safe use of mobile communication. The UICC has acommunication application mounted thereto, such as a Subscriber IdentityModule (SIM), a Universal SIM (USIM) and an IP Multimedia SIM (ISIM),and can provide a high level security function for mounting variousapplications such as an electronic wallet, ticketing, and an electronicpassport.

In the present specification, the eUICC is a security module which isnot a detachable type chip inserted into and detached from a UE but is achip embedded in the UE. The eUICC can download and install a profileusing the Over The Air (OTA) technology.

In the present specification, a method of downloading a profile in theeUICC using the OTA technology can be applied even to a detachable typeUICC which can be inserted into and detached from a UE.

In the present specification, the term “UICC” can be mixedly used withthe SIM, and the term “eUICC” can be mixedly used with the eSIM.

In the present specification, the profile can imply a thing obtained bypackaging, in a software form, an application, a file system, and anauthentication key value, etc. which are stored in the UICC.

In the present specification, the USIM profile can imply the profileidentically or a profile obtained by packaging, in a software form,information included in a USIM application within the profile.

In the present specification, an operational profile can imply a thingobtained by packaging, in a software form, subscriber information of amobile communication provider to which a user of a UE is registered.

In the present specification, a provisioning profile can imply a profilepre-mounted to the eUICC, which is necessary for allowing a UE to accessa predetermined mobile communication network of a predetermined countrybefore a user subscribes to a specific communication provider.

In the present specification, a profile provision server can beexpressed as a Subscription Manager Data Preparation (SM-DP), anoff-card entity of a profile domain, a profile encryption server, aprofile generation server, a Profile Provisioner (PP), a ProfileProvider, and a Profile Provisioning Credentials holder (PPC holder).

In the present specification, a profile management server can beexpressed as a Subscription Manager Secure Routing, an off-card entityof an eUICC profile manager, or a Profile Management Credentials holder(PMC holder).

In the present specification, an eUICC profile manager can be expressedas an ISD-R, a Profile Managing Domain, or the like.

The term “terminal” used in the present specification can be called amobile station (MS), a User Equipment (UE), a User Terminal (UT), awireless terminal, an Access Terminal (AT), a terminal, a subscriberunit, a Subscriber Station (SS), a wireless device, a wirelesscommunication device, a Wireless Transmit/Receive Unit (WTRU), a mobilenode, a mobile, or other terms. Various embodiments of a UE can includea cellular phone, a smartphone having a wireless communication function,a Personal Digital Assistant (PDA) having a wireless communicationfunction, a wireless MOdulator/DEModulator (MODEM), a portable computerhaving a wireless communication function, a photographing apparatus suchas a digital camera having a wireless communication function, a gamingdevice having a wireless communication function, a music storage andreproduction home appliance having a wireless communication function, anInternet home appliance capable of wireless Internet access andbrowsing, and a portable unit or UEs having a combination of thefunctions. Further, the UE can include a Machine-to-Machine (M2M) UE anda Machine Type Communication (MTC) UE/device, but the present disclosureis not limited thereto.

In the present specification, an electronic device can include a UICCembedded therein which is able to download and install a profile. Whenthe UICC is not embedded in the electronic device, the UICC, physicallyseparated from the electronic device, can be connected to the electronicdevice while being inserted into the electronic device. For example, theUICC can be inserted into the electronic device in a form of a card. Theelectronic device can include the UE. At this time, the UE can be a UEincluding a UICC which can download and install a profile. The UICC canbe embedded in the UE, and when the UE and the UICC are separated fromeach other, the UICC can be inserted into the UE, and can be connectedto the UE while being inserted into the UE. The UICC which can downloadand install a profile can be called, for example, an eUICC.

In the present specification, a profile identifier can be referred to asa factor matched with a Profile ID, an Integrated Circuit Card ID(ICCID), and an Issuer Security Domain-Profile (ISD-P). The Profile IDcan indicate a unique identifier of each profile.

In the present specification, an eUICC ID can be a unique identifier ofan eUICC embedded in a UE and can be referred to as an EID. Further,when a provisioning profile is mounted to the eUICC in advance, theeUICC ID can be a profile ID of the corresponding provisioning profile.Further, when the UE and an eUICC (or eSIM) chip are not separated fromeach other as in an embodiment of the present disclosure, the eUICC IDcan be a UE ID. Further, the eUICC ID can be referred to as a specificsecure domain of the eSIM chip.

In the present specification, a profile container can be named a profiledomain. A profile container can be a security domain.

In the present specification, an Application Protocol Data Unit (APDU)can be a message for allowing a UE to interwork with an eUICC. Further,the APDU can be a message for allowing a PP or a PM to interwork withthe eUICC.

In the present specification, Profile Provisioning Credentials (PPC) canbe a means used for mutual authentication between a PP and an eUICC,profile encryption, and a signature. A PPC can include one or more of asymmetric key, an RSA authentication certificate and a private key, anECC authentication certificate and a private key, and a Root CA and anauthentication certificate chain. Further, when there are a plurality ofPPs, a different PMC for each of a plurality of PMs can be stored in theeUICC or can be used.

In the present specification, Profile Management Credentials (PMC) canbe a means used for mutual authentication between a PM and an eUICC,transmission data encryption, and a signature. A PMC can include one ormore of a symmetric key, an RSA authentication certificate and a privatekey, an ECC authentication certificate and a private key, and a Root CAand an authentication certificate chain. Further, when there are aplurality of PMs, a different PMC for each of a plurality of PMs can bestored in the eUICC or can be used.

In the present specification, AID can be an application identifier. Thisvalue can be an identifier by which different applications within theeUICC are identified.

In the present specification, TAR can be a Toolkit ApplicationReference. This value can be an identifier by which a ToolkitApplication is identified.

In the present specification, a Profile Package TLV can be named aProfile TLV. The profile Package TLV can be a data set which expressesinformation constituting a profile in a form of a TLV (Tag, Length,Value).

In the present specification, AKA can indicate Authentication and KeyAgreement, and can indicate an authentication algorithm for accessing a3GPP and 3GPP2 network.

In the present specification, K corresponds to an encryption key valuestored in the eUICC used for an AKA authentication algorithm.

In the present specification, OPc corresponds to a parameter valuestored in the eUICC used for the AKA authentication algorithm.

In the present specification, NAA, which is a Network Access Applicationprogram, can be an application program such as USIM or ISIM, which isstored in the UICC in order to access a network. NAA can be a networkaccess module.

In the present specification, AMF can be an authentication managementfield value.

In the present specification, SQN can be a sequence number value.

In the present specification, L is a value which can be stored in NAA,and can be a parameter used at a time of SQN verification during an AKAauthentication process.

In the present specification, a delta value is a value which can bestored in NAA, and can be a parameter used at a time of the SQNverification during the AKA authentication process.

Further, in the following description of the present disclosure, adetailed description of related known functions or configurationsincorporated herein will be omitted when it can make the subject matterof the present disclosure rather unclear.

FIG. 1 schematically illustrates a connection method of a mobilecommunication network by a detachable UICC in the art that can beinserted into and detached from a UE and a connection method of a mobilecommunication network by an embedded UICC (eUICC) embedded in a UE.

Referring to FIG. 1, a detachable UICC can be inserted into a UE (asindicated by reference numeral 101). A profile can be mounted to adetachable UICC in advance. The UE can be connected to a mobile networkusing the mounted profile (as indicated by reference numeral 102).

The UE has an eUICC embedded therein. An eUICC can have a provisioningprofile mounted thereto in advance. The UE can access a mobile networkfor provisioning using the mounted provisioning profile. The UE candownload a profile from a mobile network server by accessing a temporarymobile network for provisioning. The temporary mobile network is amobile network for downloading a profile. The UE can install thedownloaded profile and can be connected to the mobile network using theprofile (as indicated by reference numeral 105).

FIG. 2 illustrates an embodiment of installing a profile in a wirelesscommunication network according to an embodiment of the presentdisclosure. The profile server 210 can include a PP and a PM. The eUICC220 can include a profile manager and a profile domain. Thus, anoperation of a PP and a PM, which will be described below, can beperformed by a profile server 210, and an operation of a profile managerand a profile domain can be performed by an eUICC.

Referring to FIG. 2, in operation 250, the profile server 210 canrequest generation of a profile container from the eUICC 220. PP canperform a profile container generation request for a specific eUICCwhile communicating with the PM. The profile container generationrequest can be a profile download request command. Encryptedcommunication can be used between the PP and the PM, and the encryptedcommunication can be used by configuring a symmetric key or can be usedin an authentication certificate scheme. First, as an example of theauthentication certificate-based encrypted communication, when the PPgenerates an encryption symmetric key, encrypts the generated encryptionsymmetric key by a public key of the PM, and transmits the encryptedsymmetric key to the PM, the PM decodes the encryption symmetric key bya private key of the PM, and then commercially uses the correspondingsymmetric key for the encrypted key with the PP.

The Profile Container Create command can be transmitted while beingincluded in an HTTP message. The PM, which has received the ProfileContainer Create command, can request the Profile Container Create (orcan be expressed as Profile generation, Profile Domain generation, orthe like) while communicating with the eUICC. As an example, in thisprocess, the PM can use an SMS message in order to communicate with theeUICC. In detail, the PM can allow the eUICC to include APDU, whichimplies the Profile Container Create, in an SMS-PP message. One exampleof such an APDU message can include a PUSH APDU command. Another exampleof such an APDU message can be a STORE message. Further, when generatingthe SMS-PP message, the PM can encrypt the APDU message. At this time,an encryption key to be used can be shared between the PM and the eUICCand stored. The Profile Container generation request can be firstlytransmitted to a mobile communication UE, and the mobile communicationUE generates an APDU message and transmits the APDU message to theeUICC.

Further, the message transmission between the PM and the eUICC can beperformed using an HTTP message. In detail, a TLS communication channelis established between the PM and the eUICC using a symmetric key or anauthentication certificate which is previously generated and stored, anda message can be then transmitted using the HTTP message. In this way,when not SMS but HTTP is used, there is an advantage in that IPcommunication using a mobile communication network can be used or acommunication between the PM and the eUICC can be performed using an IPnetwork which utilizes Wi-Fi or Bluetooth.

The Profile Container Create request message, which has been transmittedfrom the PM, can be processed by an eUICC Profile Manager within theeUICC. An eUICC Profile Manager can decode a communication messageincluding the request to one value from among the PMCs stored in theeUICC and verify the decoded value using a configuration value, and whenthe verifying is passed, generate a Profile Container within the eUICC.A memory necessary for generating the Profile within the eUICC, an AIDvalue, or the like can be allocated to a Profile Container.

Meanwhile, the PP can generate (as indicated by reference numeral 260)and encrypt (as indicated by reference numeral 265) the Profile PackageTLV in order to install the Profile in the Profile Container generatedin the eUICC. The profile server 210 can generate a profile package(operation 260). The profile package can have a Tag Length Value (TLV)form. The profile package having a TLV form can be named a profilepackage TLV. The profile server 210 can generate a profile packagedivided into n pieces of information in an installable unit. Further,the profile server can divide the profile package into information in aninstallable unit after generating the profile package. The informationin an installable unit, which is information configured to be installedin the eUICC even though the entire profile package is not transmittedto the eUICC when the information is transmitted to the eUICC 220, canimply a part of the entire profile package information.

The profile server 210 can encrypt the generated profile package(operation 265). The profile server can encrypt a profile package,configured by n pieces of information in an installable unit, to mpieces of information in an encryptable unit. The n and the m can beequal to each other or can be different from each other. The profileserver 210 can transmit the profile package configured in an encryptableunit, to the electronic device. The profile server can configure theprofile package, configured in an encryptable unit, in a transmittableunit, and then transmit the profile package to the electronic device. Atthis time, the transmittable unit can correspond to a size in which theelectronic device having received the profile package can transmit thereceived profile package to a UICC of the electronic device. Forexample, the transmittable unit can be a data unit of the APDU.

Hereinafter, a procedure of generating a Profile Package TLV by a PPwill be described.

However, the TLV form is merely an example of the profile package, andin an embodiment of the present disclosure, a form of the profilepackage is not limited to the TLV form. Table 1 illustrates a structureof the Profile Package TLV. Here, a scheme of recording data in aTag-Length-Value form can be commonly called a TLV. The Profile PackageTLV can be named a Profile TLV. Referring to Table 1, a Name field inthe table corresponds to a name of the TLV and is not a value actuallyincluded in data. In a case of an M/O/C field, a value of M implies thatdata is necessarily included, a value of O implies that data can not beincluded, and a value of C implies that data is conditionally included.The M/O/C field can not be a value actually included in data. However,the M/O/C field can be stored in a source code within the eUICC and usedto verify the effectiveness of the corresponding data.

TABLE 1 Profile Package TLV Structure Name M/O/C Tag Length ValueProfile Package M A1 L1 Coded as in Table 1-1

In Table 1, a Tag value of the Profile Package TLV, which is a datavalue having a size of 1 byte, is expressed as A1 in Table 1. The A1value can adopt one selected from 256 values from “00” to “FF” in ahexadecimal form. For example, the A1 value can be “8E”.

In Table 1, a Length value of the Profile Package TLV is a valueindicating the length of data stored in a Value field of the ProfileTLV, and the length of the Length file can be fixed or configured to be2 bytes or 3 bytes. As an example, when the length of the length fieldis fixed to 3 bytes, a value of the Length field can have a value of“000000”-“FFFFFF” in a hexadecimal form, and thus, can representmaximally the data length of 2^24−1 bytes or 16M−1 bytes. As an example,a value of the Length field, which is “020001”, indicates that thelength of the Value field is 128K bytes. Further, as an example, whenthe length of the length field is fixed to 2 bytes, a value of theLength field can have a value of “0000”-“FFFF” in a hexadecimal form,and thus, can represent maximally the data length of 2^16−1 bytes or64K−1 bytes.

The Value field of the Profile Package TLV in Table 1 includes variouspieces of information for installing a profile, and data is configuredusing the corresponding information as in Table 1-1.

Referring to Table 1-1, the Value field of the Profile TLV can includeFile Structure TLV data. The File Structure TLV is data for including afile structure, an attribute, and a file content of the profile. A Tagvalue of the File Structure TLV, which is a data value having a size of1 byte, is expressed as A2 in Table 1-1. The A2 value can adopt oneselected from 256 values from “00” to “FF” in a hexadecimal form. Forexample, the A1 value can be “01”.

TABLE 1-1 Structure of value part of Profile Package TLV Name M/O/C TagLength Value File Structure M A6 1~n bytes Coded as in Table 2 NAAParameters M ‘00’~‘FF’ 1~n bytes Coded as in Table 3 NAA Parameters O‘00’~‘FF’ 1~n bytes Coded as in Table 3 . . . O ‘00’~‘FF’ Load File O‘00’~‘FF’ 1~n bytes Coded as in Table 4 Package Load File O ‘00’~‘FF’1~n bytes Coded as in Table 4 Package . . . RFU

In Table 1-1, a Length value of the File Structure Data TLV is a valueindicating the length of data stored in a Value field of a FileStructure TLV, and the length of the Length file can be fixed orconfigured to be 2 bytes or 3 bytes. When the length of the length fieldis fixed to 3 bytes, a value of the Length field can have a value of“000000”-“FFFFFF” in a hexadecimal form, and thus, can representmaximally the data length of 2^24−1 bytes or 16M−1 bytes. For example, avalue of the Length field, which is “020001”, indicates that the lengthof the Value field is 128K bytes. Further, when the length of the Lengthfield is fixed to 2 bytes, a value of the Length field can have a valueof “0000”-“FFFF” in a hexadecimal form, and thus, can representmaximally the data length of 2^16 bytes or 64K bytes. A Value of theFile Structure Data TLV can include various pieces of File information,and a structure thereof can be a data structure as in Table 2.

TABLE 2 Structure of Value part of File Structure TLV Name M/O/C TagLength Value File M A6 1~3 bytes Coded as in Table 2-1 for MF, DF, orADF File O A6 1~3 bytes Coded as in Table 2-1 for DF, or ADF and as inTable 2-2 for EF . . . . . . . . . . . . . . . File O A6 1~3 bytes Codedas in Table 2-1 for DF, or ADF and as in Table 2-2 for EF

Referring to Table 2, a Value of the File Structure TLV can include atleast one or more pieces of File TLV data. Each File TLV can includedata of an MF file, a DF file, an ADF file, or an EF file. Here, the MFfile implies a Master File or a Master DF file, and the DF file impliesa Dedicated File, and the ADF file implies an Application DedicatedFile, and the EF file implies an Elementary File. In one File StructureTLV, there can be one File TLV including MF file information or therecan be no File TLV including MF file information. A Tag value of theFile TLV, which is a data value having a size of 1 byte, is expressed asA6 in Table 2. The A6 value can adopt one selected from 256 values from“00” to “FF” in a hexadecimal form. For example, the A6 value can be“02”. The Length value of the File TLV can be used while being fixed to1 byte or 2 bytes or configured to be another value. A Value part of theFile TLV can be generated in a data structure as in Table 2-1 or Table2-2. When the File TLV includes information on an MF file, a DF file, oran ADF file, data of a Value part of the corresponding File TLV can beconfigured as in Table 2-1, and when the File TLV includes informationon an EF file, data of a Value part of the corresponding File TLV can beconfigured as in Table 2-2.

TABLE 2-1 Structure of Value part of File TLV including information onMF file, DF file, and ADF file Value M/O/C Description Length A6 M Tag:File 1 byte Length of File (next byte to the end) 1~n bytes M FCPTemplate TLV coded as in TS 1~n bytes 102.222 (see note) A7 O Tag: FilePath 1 byte Length of File Path 1 byte File Path Bytes (concatenation ofFile ID) 2 × n bytes NOTE: FCP Template TLV is exactly same one forCREATE command in ETSI TS 102.222. If MF, File ID in FCP Template TLVshall be coded as ‘3F00’ and File type bits of File descriptor byte(i.e. b6, b5 and b4) in FCP Template TLV shall be coded as ‘111’

Referring to Table 2-1, when the File TLV includes information on the MFfile, the DF file, or the ADF file, the file TLV can include FCPTemplate TLV and File Path TLV data below a Tag and Length field. TheFCP Template TLV can use a value including information on a File ID,etc. as a File Control Parameter TLV having an ETSI TS 102.222 standard.The File Path is a value indicating a file path of the correspondingFile TLV, and is, for example, a value expressing a File ID. A File PathTLV can be included or not included in the File TLV. When the File Pathis not included, the determination can be performed even without theFile Path of the corresponding file. For example, when a File TLVcorresponding to the DF file and a File TLV corresponding to the EF fileare connected to each other within the File Structure TLV, and a FileTLV corresponding to the EF file does not include a File Path TLV, aFile can be generated in a state in which the corresponding EF file isconsidered as the EF file included below the DF file. When the File isgenerated using such a scheme, the size of profile data to betransmitted can be reduced by reducing information on the File Path.

TABLE 2-2 Structure of Valve part of File TLV including information onEF file Value M/O/C Description Length A6 M Tag: File 1 byte~n bytesLength of File (next byte to the end) 1 bytes~n bytes M FCP Template TLVcoded as in TS 1~n bytes 102.222 A7 O Tag: File Path 1 byte~n bytesLength of File Path 1 byte~n bytes File Path Bytes (concatenation ofFile 2 × n bytes ID) A8 C2 Tag: File Binary 1 byte~n bytes Length ofFile Binary 1 byte~n bytes File Binary 1 byte~n bytes A9 C3 Tag: FileRecords Sequence 1 byte~n bytes Length of File Records Sequence 1 byte~nbytes File Records Sequence 1 byte~n bytes B1 C4 Tag: File Data 1 byte~nbytes Length of File Data 1 byte~n bytes File Data 1 byte~n bytes C2:File Binary TLV is used for transparent EFs. C3: File Records SequenceTLV is used for linear fixed or cyclic EFs. C4: File Data TLV is usedfor BER-TLV EFs.

Referring to Table 2-2, when the File TLV includes information on the EFfile, the File TLV can include an FCP Template TLV and a File Path TLVbelow the Tag and Length field, and can additionally include one of thefollowing three TLVs without exception:

File Binary TLV;

File Records Sequence TLV;

File Data TLV.

When the EF file has a Transparent structure, the File TLV includes aFile Binary TLV from among the above three TLVs, and a Value of the FileBinary TLV can have a binary form.

When the EF file has a Linear Fixed structure or a Cyclic structure, theFile TLV includes a File Records Sequence TLV from among the above threeTLVs, and a Value of the File Records Sequence TLV can be a valueconcatenated by attaching a sequence byte to Record data included in theEF file. Table YY illustrates a structure of the File Records SequenceTLV. In the File Records Sequence TLV, a Tag value, a Length value, aRecords Number byte, and Records data are connected. Table 2-3illustrates that three Records are updated to the EF file. For example,when the EF file corresponds to a linear fixed type configured by 10Records, and only three Records from among the ten Records are updated,the File Records Sequence TLV is configured as in Table 2-3. At thistime, Records Number can be a value indicting an ordinal sequence of aspecific record among the total records.

TABLE 2-3 Value M/O/C Description Length A9 C3 Tag: File RecordsSequence 1 byte~n bytes Length of File Records Sequence 1 byte~n bytesRecords Number 1 byte Records 1 byte~n bytes Records Number 1 byteRecords 1 byte~n bytes Records Number 1 byte Records 1 byte~n bytes

When the EF file has a BER-TLV structure, the File Data TLV from amongthe three TLVs is included, and the File Data TLV can be data of whichvalues are configured by a TLV structure.

TABLE 3 Structure of Value part of NAA Parameter TLV Name M/O/C TagLength Value NAA Type M TBD 1 bytes ‘01’: USIM ‘02’: ISIM ‘03’~: FFSMILENAGE C1 TBD 1 byte~n . . . Parameter bytes TUAK C2 TBD 1 byte~n . .. Parameter bytes Native NAA O TBD 1 bytes ‘01’: Use NAA provided byIndicator the eUICC platform ‘02’: Use NAA downloaded in the Load FilePackage TLV RFU C1: If MILENAGE isn't supported by the eUICC platform,the MILENAGE Parameter TLV shall not be included. C2: If TUAK isn'tsupported by the eUICC platform, the TUAK Parameter TLV shall not beincluded.

Referring back to Table 1-1, value data of the Profile Package TLV caninclude one or more NAA Parameter TLVs. A Tag value of such an NAAParameter TLV can adopt one selected from 256 values from “00” to “FF”in a hexadecimal form.

Referring to Table 3, an NAA Type TLV can be inserted into a Value areaof such an NAA Parameter TLV. A Value of the NAA Type TLV corresponds toa value determining a network access module type such as a USIM or anISIM. As an example, in a case of USIM, the Value can be “01”, and in acase of ISIM, the Value can be “02”. Further, in a case where the NAAsupports a MILENAGE algorithm, a MILENAGE Parameter TLV can be included.As an example, the MILENAGE Parameter TLV can include a K value, an OPcvalue, an r1-r5 value, and a c1-c5 value. Further, in a case where theNAA supports a TUAK algorithm, a TUAK Parameter TLV can be included. Asan example, the TUAK Parameter TLV can include a K value, an OPc value,and an RES length value.

Meanwhile, the NAA Parameter TLV can include a Native NAA Indicator TLV.This value notifies whether the network access module is installed usinga network access module application program provided by an eUICCPlatform or the network access module is installed using a networkaccess application program transmitted while being included in a LoadFile Package TLV described below, when the corresponding profile isdownloaded and the network access module is then installed. In theformer case (i.e., when the profile is downloaded and the network accessmodule is then installed, the network access module application programis provided by the eUICC Platform.), only an AKA authentication logicprovided by the eUICC Platform can be used. However, in the latter case,(i.e., the network access module is installed using the network accessapplication program transmitted while being included in the Load FilePackage TLV), an AKA authentication mechanism can be downloaded whilebeing included in an application program included in the profile andinstalled. Meanwhile, in the latter case, a core authentication functionprovided by an OS or a platform of the eUICC can be used.

As an example, the latter has an advantage in that a method of verifyinga Sequence Number by a UICC during AKA authentication is included in anapplication program, and different methods can be used according tobusiness operators. As another example, during the AKA authentication,an authentication algorithm and an authentication key (e.g., a K value)can be differently configured and used according to an AMF value.

Meanwhile, such a TLV can include a configuration value forpersonalization of the NAA. Examples of such a configuration value caninclude an encryption key value such as a K value, an OPc value, etc.,and an AKA algorithm parameter value. The AKA algorithm parameter valuecan include a configuration value such as an L value or a delta valueused when a SeQuential Number (SQN) value is verified. Further, as anexample of such a configuration value, an algorithm identifier accordingto the AMF value, an encryption value according to the AMF value, etc.can be configured.

Referring back to Table 1-1, value data of the Profile Package TLV caninclude a Load Files Package TLV. The Load File Package TLV correspondsto a TLV including an installation file and installation information forone or more application programs executed by the eUICC. Table 4illustrates a structure of the Value part of the Load File Package TLV.

TABLE 4 Name M/O/C Tag Length Value Load File O TBD 2 bytes~n bytes . .. Application Install Info M TBD 2 bytes~n bytes . . . . . . . . . . . .. . . . . . Application Install Info O TBD 2 bytes~n bytes . . .

Referring to Table 4, a value of the Load File Package TLV can includeone Load File TLV and one or more Application Install Info TLVs. TheLoad File TLV can include one or more pieces of installation fileinformation of an application program. The Application Install Info TLVincludes information for installing an application program using aninstallation file of the application program included in the Load FileTLV or an installation file previously stored. As an example, this valuecan include an AID value of Secure Domain.

Referring back to FIG. 2, the PP can generate the Profile Package TLVand then encrypt the generated Profile Package TLV using the ProfileProvisioning Credentials. Further, the encrypted Profile Package TLV canbe signed using a symmetric key or an authentication certificate privatekey. Then, the PPC holder can transmit an encrypted Profile TLV and anencrypted signature value to the PMC holder, and the PMC holder cantransmit the same to the Profile Manager of the eUICC 220 (as indicatedby reference numeral 270). The profile server 210 can transmit theprofile package configured by information encrypted in an encryptableunit, to the eUICC 220. The profile package can be configured as mpieces of information encrypted in an encrytable unit. The informationencrypted in an encryptable unit can include profile package informationdivided in an installable unit.

Then, the eUICC 220 Profile Manager can transmit the same to the ProfileContainer. Then, the Profile Container can receive the same, and thenverify whether data is modulated, using a signature value. When theverification is passed, the Profile Container can decode an encryptedProfile Package TLV. Next, the Profile Container generates a FileStructure inside the Profile Container using the File Structure TLVwithin the Profile Package TLV. Further, the Profile Container can storean installation file or Load files in a storage place of the eUICC 220using the Load File Package TLV within the Profile Package TLV, andinstall the stored Load files or an application from a Load modulepreviously stored in the eUICC in the interior of the Profile Containerusing the Application Install Info TLV within the Load File Package TLV.Further, the Profile Container can install an NAA application using theNAA Parameter TLV or generate an Instance of the NAA application.

The electronic device can receive the profile package encrypted in anencryptable unit, from the profile server 210. The electronic device candivide the received profile package in a unit transmittable to the eUICC220 and transmit the divided profile packages to the eUICC 220. TheeUICC 220 can receive profile package information divided and encryptedin a transmittable unit. The eUICC 220 can combine the profile packageinformation, divided in a transmittable unit, in an encryptable ordecodable unit. The encryptable unit and the decodable unit can beidentical to each other. That is, the eUICC 220 can decode theinformation divided in a transmittable unit by combining the informationwith the profile package information in an encryptable unit before thedivision. The eUICC 220 can decode the profile package information,combined in an encryptable unit. The eUICC 220 can identify the decodedprofile package information as information in an installable unit andcombine the information. The eUICC 220 can start to install the profilepackage information in an installable unit. That is, the eUICC 220 canstart to preferentially install the profile package with respect to theprofile package information in an installable unit when the profilepackage information in an installable unit is included as a result ofthe decoding. Remaining information, excluding the profile packageinformation in an installable unit, within the decoded information canbe stored in a buffer. The eUICC 220 additionally receives profilepackage information in a transmittable unit, combines the profilepackage information in a transmittable unit in an encryptable unit, anddecodes the combined information. The eUICC 220 combines the decodedinformation on the profile and the remaining profile package informationstored in the buffer and identifies the profile package information inan installable unit. The eUICC 220 preferentially installs the profilepackage information in an installable unit and stores the remainingprofile package information in the buffer.

Further, the Profile Package TLV can include the NAA application itself.In this case, the eUICC 220 can determine whether a previously-storedNAA application is used or an NAA application included in the ProfileTLV is used. As an example, when an NAA application is included in theProfile Package TLV, the eUICC 220 can preferentially use thecorresponding NAA application. As another example, the Profile TLV caninclude identifier information by which the NAA application can beselected, and the eUICC 220 can determine whether the NAA applicationincluded in the Profile TLV is used or the previously-stored NAAapplication is used, using the value.

Further, the eUICC 220 can perform additional Personalization using anadditional TLV value in the Profile Package TLV. As an example, theeUICC 220 can configure a PIN value and a PUK value using data withinthe Profile Package TLV.

FIG. 3 illustrates a process of transmitting a Profile Package TLVaccording to an embodiment of the present disclosure. First, the ProfilePackage TLV can be generated in the profile server. For convenience, thesize of data of the Profile Package TLV is called N. As an example, Ncan be several hundreds of kBytes. Thereafter, the profile server canencrypt the Profile Package TLV using the Profile ProvisioningCredential, and include a signature value for an integrity check ifnecessary. In general, the size of encrypted data can be equal to orslightly larger than the size of plain text data. At this time, it isassumed in the present embodiment that the sizes are equal to eachother. Thereafter, the PP transmits the encrypted Profile Package TLV tothe PM. Thereafter, data is safely transmitted between the profileserver and the eUICC using encryption communication using the PMCcredential between the eUICC and the PM. FIG. 3 illustrates this processas a PM tunnel. The eUICC can store the Profile Package TLV in a storageplace for storing the encrypted Profile Package TLV. For convenience,this is called eUICC buffer 1. The size of the eUICC buffer1 isminimally equal to or larger than N. Thereafter, the eUICC decodes theProfile Package TLV, and then stores a plain text Profile Package TLV ina temporary storage place. For convenience, the storage place is calledeUICC buffer 2. The size of the eUICC buffer2 is minimally equal to orlarger than N. Thereafter, the eUICC can install a Profile in theProfile Container using the plain text Profile Package TLV.

Since the above-described method completely transmits the entire Profiledata to the eUICC and then decodes the Profile data, it can beidentified that a buffer storage place having the size larger than twicethat of the storage place is necessary in addition to the storage place.Further, even when there is an error in the plain text Profile PackageTLV data, the eUICC can discover the error only after the entire data istransmitted to the eUICC and is then decoded, so that much inconvenienceis predicted. As an example, a time of several minutes is consumed totransmit the profile data to the eUICC, and when the profile isdownloaded, even if there is an error in the corresponding ProfilePackage TLV, a time of several minutes is consumed to discover the errorand transmit an error message by the eUICC.

FIG. 4 illustrates a method of dividing and transmitting a profilepackage according to an embodiment of the present disclosure. Referringto FIG. 4, the Profile Package TLV can be generated in the profileserver. For convenience, the size of data of the Profile Package TLV iscalled N. As an example, N can be several hundreds of Kbytes.

The profile server can divide the Profile Package TLV into m parts togenerate m Profile Package TLVs, and encrypt each of them using theProfile Provisioning Credential. When dividing the profile package intom parts, the profile server can divide the profile package intoinformation in a unit installable in the eUICC. The profile server canencrypt the profile package, which has been divided into m pieces ofinstallable information, in a transmittable unit. For convenience, thesize of data of the encrypted and divided Profile Package TLV is calledn. As an example, when N is 100 Kbytes and m is 10, n can be 10 Kbytes.Thereafter, the PP can transmit the m encrypted and divided ProfilePackage TLVs to the PM. Then, the profile server can transmit theencrypted and divided Profile Package TLVs to the eUICC one by one orcan transmit the Profile Package TLVs together. When the Profile PackageTLVs are transmitted one by one, the size of the eUICC buffer 1 forstoring the encrypted Profile Package TLVs should be minimally equal toor larger than n. Thereafter, the eUICC decodes the Profile Package TLV,and then stores a plain text Profile Package TLV in a temporary storingplace. For convenience, the storage place is called eUICC buffer 2.Thereafter, the eUICC acquires information on the divided plain textProfile Package TLV. Thereafter, the eUICC can install a part of theentire profiles using information on the divided Profile Package TLVs,or can install the profiles after the divided Profile Package TLVs aremerged with each other to generate one Profile Package TLV. The eUICCcan receive profile package information divided in a transmittable unit,and combine the divided profile package information in an encrytableunit. The eUICC can decode the information combined in an encryptableunit. When the profile package information in an installable unit isincluded as a result of decoding the profile package informationcombined in an encryptable unit, the eUICC can install the profilepackage information in an installable unit. Remaining informationexcluding the profile package information in an installable unit can bestored in the buffer. The eUICC additionally receives profile packageinformation, divided in a transmittable unit, and combines and decodesthe additionally-received information in an encryptable unit as above.The eUICC can combine the decoded profile package information and theremaining information stored in the buffer and identify the combinedinformation as information in an installable unit. The eUICC starts toinstall the profile package information in an installable unit andstores the remaining profile package information in the buffer. Afterreceiving the divided profile information, the eUICC verifies the TLVinformation after receiving the information on the divided profiles.When an error is discovered in the TLV information, the eUICC can selectthe entire Profile Package TLVs or some of the divided Profile PackageTLVs among the entire Profile Package TLVs and request retransmissionthereof. As an example, such a method of verifying a TLV can include thefollowing methods:

-   -   When an unrecognized tag is included, it is recognized that        there is an error;    -   When a Value area is short or large as compared with the size of        Length, it is recognized that there is an error;    -   When a range of Value corresponds to an unrecognized value, it        is recognized that there is an error.

Meanwhile, as illustrated in FIG. 4, when the Profile Package TLV isdivided and transmitted, the size of the eUICC buffer 1 can be reducedas compared with a case where the Profile Package TLV is transmittedwhile being not divided as illustrated in FIG. 3. As an example, whenm=10, the size of the eUICC buffer 1 can be reduced to 1/10.

As illustrated in FIG. 4, when the Profile Package TLV is divided andtransmitted, the eUICC should be able to recognize that thecorresponding Profile Package TLV is divided and be able to recognizethe number by which the Profile Package TLV is divided and an ordinalsequence of the divided Profile Package TLV.

Referring to Table 1-2, in order to express information on the dividedProfile Package TLVs, in an embodiment of the present disclosure, aSplit Number TLV and a Split Total Number TLV can be optionally added toa Value part of the Profile Package TLV.

The Split Number TLV implies the total number of the divided ProfilePackage TLVs (m value in FIG. 4), and the Split Number TLV indicates anordinal sequence of a specific divided Profile Package TLV including thecorresponding Split Number TLV from among the entire divided ProfilePackage TLVs. When receiving the Split Number TLV and the Split TotalNumber TLV, the eUICC can recognize the same as the divided ProfilePackage TLVs and process the same in the method of FIG. 4.

As an example, the eUICC can decode the encrypted and divided ProfilePackage TLV, identify the Split Number TLV within the divided ProfilePackage TLV, store the identified Split Number TLV in the eUICC buffer2, store the plurality of divided Profile Package TLVs in the eUICCbuffer 2, and then merge them into the Profile Package TLV before thedividing. The merging can include the following schemes:

-   -   Data contents can be simply and continuously attached to each        other;    -   Data contents can be simply and continuously attached to each        other in an order of the Split Number TLV.

As an example, the eUICC should receive the m entire divided ProfilePackage TLVs (i.e., when the Split Total Number is m). At this time,when some of the divided Profile Package TLVs are not received, theeUICC can request retransmission of the corresponding TLV data to thePM.

TABLE 1-2 Name M/O/C Tag Length Value Split Number O TBD TBD Split TotalNumber O TBD TBD . . .

FIG. 5 illustrates a method of transmitting divided profile packagesaccording to an embodiment of the present disclosure. Referring to 510in FIG. 5, as represented in Table 1-2, the division number (Split TotalNumber TLV) of the entire Profile Package TLV and the Split Ordernumbers indicating ordinal sequences of the divided Profile Package TLVsare included in the Profile Package TLV, and can be transmitted to theeUICC using the APDU message. It is possible that the division numberand the Split order numbers are slightly changed and transmitted in aform of not the APDU message but another message. For example, TLV datacan be transmitted using an HTTPS protocol using BIP communication.

Referring to 520 in FIG. 5, the division number (Split Total Number TLV)of the entire Profile Package TLVs and the Split Order Numbersindicating ordinal sequences of the Profile Package TLVs are notincluded in the Profile Package TLV, and the corresponding informationcan be transmitted together with the divided Profile Package TLVs whilebeing included in a message for transmitting the Profile Package TLV. Asan example, when the APDU command is used, the information can betransmitted while the Split Order Number and the Split Total Number areincluded in a P1 byte and a P2 byte, respectively. As another example,it is possible that the division number and the Split order numbers aretransmitted in a form of not the APDU message but another message. Forexample, when the TLV data is transmitted using the HTTPS protocol usingthe BIP communication while being included in the HTTP message, thedivision information can be transmitted together with the TLV.

When the profile is completely installed, the eUICC can store one ormore profiles. At this time, when a specific profile is activated, amobile communication function can be used by a mobile communication UEhaving the eUICC mounted thereto, using the corresponding profile.

FIG. 6 illustrates a process of generating and encrypting a profilepackage according to an embodiment of the present disclosure.

Referring to FIG. 6, reference numeral 610 corresponds to a profilepackage. Reference numeral 620 corresponds to a set of profile packageinformation divided in an installable unit. In FIG. 6, the profilepackage 610 can be divided into 5 pieces of profile package informationin an installable unit. A profile server can divide the profile package610 into profile package information in an installable unit. Profilepackage information 621, 622, 623, 624, and 625 in an installable unitcan be installed in the eUICC independently of other divided profilepackage information, respectively. For example, when the eUICC receivesthe entirety of the profile package information 621 and a part of theprofile package information 622, the eUICC can install the profilepackage information 621 in an installable unit regardless of unreceivedremaining information of the profile package information 622.

In FIG. 6, reference numeral 630 is a set of profile package information631, 632 and 633 configured in an encryptable unit. The profile packageinformation in an encryptable unit can be configured by a combination ofprofile package information divided in an installable unit. For example,the profile package information 631 in an encryptable unit can includethe entirety of the profile package information 621 and a part of theprofile package information 622 from among the profile packageinformation in an installable unit. The profile package information 632in an encryptable unit can include remaining information not included inthe profile package information 631 from among the profile packageinformation 622 from among the profile package information in aninstallable unit and can include the entirety of the profile packageinformation 623 and a part of the profile package information 624. Theprofile package information 633 in an encryptable unit can includeremaining information not included in the profile package information632 from among the profile package information 624 from among theprofile package information in an installable unit and can include theentirety of the profile package information 625.

The profile server can encrypt and transmit the profile packageinformation 631, 632, and 633 in an encryptable unit. The profile servercan encrypt each profile package information in an encryptable unit andtransmit the encrypted profile package information to the electronicdevice including the eUICC.

The electronic device can receive the profile package information 631,632 and 633 transmitted in an encryptable unit. The electronic devicecan divide, in a transmittable unit, the received profile packageinformation 631, 632, and 633 in an encryptable unit, and transmit thedivided profile package information to the eUICC. The eUICC can combinethe profile package information divided in a transmittable unit toinformation in an encryptable unit. That is, the eUICC can combine theprofile package information divided in a transmittable unit to theprofile package information 631, 632, and 633, respectively. When theprofile package information 631, 632 and 633 has been encrypted, theeUICC can decode the profile package information 631, 632 and 633. TheeUICC can identify/combine the decoded information as/to the profilepackage information in an installable unit. When there is the profilepackage information 621, 622, 623, 624, and 625 in an installable unit,the eUICC can start to preferentially install the acquired profilepackage information in an installable unit. The eUICC can decode theentirety of the profile package information 621 in an installable unitand a part of the profile package information 622 in an installableunit.

For example, when the profile package information 631 in an encryptableunit is decoded, the eUICC can install information corresponding to theprofile package information 621 from among the profile packageinformation in an installable unit. Since the entirety of the profilepackage information 622 is not acquired and only a part of the profilepackage information in an installable unit is acquired, the eUICC canstore, in the buffer, information corresponding to the profile packageinformation 622 from among the decoded information. Next, the eUICC candecode the profile package information 632. When the profile packageinformation 632 is decoded, information not included in the profilepackage information 631 from among the profile package information 622,the entirety of the profile package information 623, and a part of theprofile package information 624 can be decoded. The eUICC can acquirethe entirety of the profile package information 622 and the entirety ofthe profile package information 623 by combining a part of the profilepackage information 622 stored in the buffer and a part of the profilepackage information 622 acquired through the decoding. Since theentirety of the profile package information 622 and the entirety of theprofile package information 623 are acquired, the eUICC can install theprofile package information 622 and 623. Since the entirety of theprofile package information 624 is not acquired, a part of the profilepackage information 624 acquired through decoding profile packageinformation 634 can be stored in the buffer. In this way, the eUICC canreceive information divided and transmitted in a transmittable unit,combine and decode the received information to information in anencryptable unit, and identify/combine the decoded information as/toinformation in an installable unit, thereby installing a profilepackage.

FIG. 7 illustrates a method of transmitting and installing a profilepackage according to an embodiment of the present disclosure. In FIG. 7,a UE is an embodiment of an electronic device including an eUICC or aUICC. In FIG. 7, the UE corresponds to a UE including an eUICC or aUICC. The following operation can be performed by the UICC or the eUICCof the UE.

In operation 730, a profile server 710 can generate a profile package.The profile package can be a profile package having a TLV form. Astructure of the profile package in an embodiment of FIG. 7 will bedescribed with reference to FIG. 6. The profile server 710 can generateprofile package information 621, 622, 623, 624 and 625 in an installableunit. The profile server 710 can divide the generated profile packageinformation in an installable unit, and can divisionally generate theprofile package information in an installable unit when generating theprofile package information.

In operation 735, the profile server can reconfigure the profile packageinformation in an installable unit as profile package information in anencryptable unit. The profile package information 631, 632, and 633 inan encryptable unit can be configured by a combination of profilepackage information divided in an installable unit. The profile server710 can encrypt and transmit the profile package information 631, 632,and 633 in a transmittable unit. The profile server can encrypt each ofthe profile package information 631, 632, and 633 in an encryptableunit.

In operation 740, the profile server 710 can transmit the profilepackage information to a UE 720. The profile server 710 can configureand transmit the encrypted profile package information 631, 632 and 633to an eUICC of the UE 720 in a transmittable unit, in the UE 720. Whenthe entirety of the profile package information is configured by mpieces of transmittable profile package information, operation 740 canbe performed until the entirety of m pieces of profile packageinformation in an encryptable unit is transmitted.

The UE 720 can receive profile package information. The profile packageinformation can be encrypted. The UE 720 can transmit the receivedprofile package information to the eUICC of the UE 720. The UE candivide, in a transmittable unit, the encrypted profile packageinformation 631, 632, and 633, and transmit the divided profile packageinformation to the eUICC.

The eUICC can combine the profile package information divided in atransmittable unit and configure profile package information in anencryptable unit.

In operation 745, the eUICC of the UE can decode the encrypted profilepackage information 631, 632, and 633. In order to install a profile inthe eUICC, the profile server and the UE 720 or the eUICC can perform amutual authentication process for key agreement. The profile packageinformation can include a parameter necessary for generating anencryption key used to decode the profile package information encryptedby the eUICC. The eUICC can extract a parameter necessary for generatingan encryption key from the profile package information, generate theencryption key on the basis of the extracted parameter, and then performa decoding operation using the generated encryption key.

When the received profile package information 631 is decoded, theentirety of the profile package information 621 in an installable unitand a part of the profile package information in an installable unit canbe decoded. In operation 750, the UE 720 can process the profile packageinformation in an installable unit using the decoded information. Whenacquiring the profile package information in an installable unit, the UEcan install the acquired profile package information in an installableunit. For example, when the profile package information 631 in anencryptable unit is received and decoded, the eUICC can installinformation corresponding to the profile package information 621 fromamong the profile package information in an installable unit. The eUICCcan store information corresponding to the profile package informationfrom among the decoded information in the buffer.

In operation 755, the UE 720 can determine whether the profile packageinformation is completely installed. When the installation is notcompletely performed, the process can proceed to operations 740, 745 and750. The process can proceed to operation 740 when the profile packageinformation is not completely received, proceed to operation 745 whenthe profile package information is not completely decoded, and proceedto operation 750 when the profile package information is completelyreceived and decoded but is not completely installed. Meanwhile, whenthere is an error in the received profile package information, the UEcan request the profile server 710 to retransmit the correspondinginformation. In an embodiment of the present disclosure, since theprofile server 710 divisionally transmits the profile packageinformation in a transmittable unit, the profile server 710 canretransmit only profile package information in which an error hasoccurred and not the entirety of the profile package information whenthere is an error in specific information.

When the profile package information is completely installed, the UE 720can terminate an installation related operation. In operation 760, theUE can transmit, to the profile server 710, a profile packageinstallation completion message.

FIG. 8 illustrates a method of activating a profile after selecting theprofile, and a file structure of the profile.

Referring to FIG. 8, an individual profile can be installed in an eUICCplatform. At this time, the file structure of the individual profile caninclude one MF file. The eUICC platform can make a selection to show oneprofile from among a plurality of profiles by a UE. The eUICC platform,a UE, or an SM-SR can select one of the profiles. When a profile isselected by the UE, the eUICC can immediately perform a command receivedfrom the UE. Otherwise, when a profile is selected by the UE, the eUICCcan verify a signature value and perform a command received from the UEwithout immediately performing the command. Such a signature value canbe processed the following scheme:

-   -   In case of signature value using symmetric key, verify signature        value using symmetric key;    -   In case of signature value using private key of RSA        authentication certificate, verify signature value using RSA        public key;    -   In case of ECDSA signature value using private key of ECC        authentication certificate, verify ECDSA signature using public        key of ECC authentication certificate.

Meanwhile, a format of the profile stored in the PP can have thefollowing structure. The corresponding format can be converted into aform of the Profile Package TLV or a Remote APDU in order to downloadthe profile to the eUICC.

Table 5 describes contents of a profile package. The profile package caninclude the entirety or a part of the contents of Table 5.

TABLE 5 Value Item Function Status Type CardProfile  Header M   TemplateInformation This section describes all the M attributes that willcapture details about the skeleton    Template Version Referenceaccording to which M Variable skeleton version this file has String beenproduce. Value: 1.0 ...   SIMCardProfileReference Profile referenceinformation M    MobileCountryCode MobileCountryCode M 3 INT   MobileNetworkCode MobileNetworkCode M 3 INT    ...   ...  CardBody  MF_DF R    File Name Name of the MF or DF M Variable String    FileType ENUM value: ‘00’ for MF, M ENUM ‘11’ for DF    ...   ADF O/R   File Name Name of the ADF. M Variable String    File Type ENUM value:‘00’ for USIM M ENUM    ...   EF O/R    File Name Name of the EF MVariable String    ...  Card_Management M   Authentication Defines therequirements M needed for authentication    Authentication3G O/R    Authentication3GAlgorithm Authentication Algorithm: O/R ENUM ENUMvalue: ‘00’ for MILENAGE, ‘01’ for TUAK     Authentication3GSeqNbSequence number linked to O Boolean the Authentication activated (Y orN) or not according to TS 33.102      Authentication3GFreshness TestDefines if the freshness test is O Boolean activated or not according to(Y or N) TS 33.102      Authentication3GAgeLimitTest Defines if agelimit test is set O Boolean or not according to TS 33.102 (Y or N)     Authentication3GWrapAround Defines if protection against O Boolean     Protection wrap around is set or not (Y or N) according to TS33.102     Authentication3GDeltaValue Value of Delta for wrap C Variablearound according to TS Hex 33.102     Authentication3G_L_Value Value ofL for age limit C Variable according to TS 33.102 Hex    Authentication3G_SQN_Index Length of SQN Array C Variable accordingto 33.102 (default: Hex 32)     Authentication3GRESLength Value of theRES length for C ENUM TUAK ENUM value: ‘00’ for 64, ‘01’ for 128 bits    Authentication3G_Ri_Ci_ValueType MNO Specific configurations C ENUMfor MILENAGE ENUM value: ‘00’ for default Ri and Ci values according toTS 35.206, ‘01’ for MNO Specific Ri and Ci values     Authentication3G_R1 MNO Specific r1 value O INT     Authentication3G_R2 MNO Specific r2 value O INT     Authentication3G_R3 MNO Specific r3 value O INT     Authentication3G_R4 MNO Specific r4 value O INT     Authentication3G_R5 MNO Specific r5 value O INT     Authentication3G_Ci MNO Specific ci values O 80 Hex Values:concatenation with c1, c2, c3, c4 and c5 in Hex format    Authentication3G_TUAK_Iteration Number of iterations of O INT Keccakpermutation according to TS 35.231     Authentication3G_K 128 bit forMILENAGE or M 16 Hex TUAK     Authentication3G_OP MILENAGE OP, accordingto C 16 Hex 3GPP TS 35.206     Authentication3G_OPc MILENAGE OPc,according C 16 Hex to 3GPP TS 35.206     Authentication3G_TOP TUAK TOP,according to C 32 Hex 3GPP TS 35.231     Authentication3G_TOPc TUAKTOPc, according to C 32 Hex 3GPP TS 35.231     ...    ...   ... Applications To capture details about the M applications installed onthe card, AID structure, applet status.   RFM application O/R    TARToolkit application reference M 3 Hex    ...   RAM application O/R   TAR Toolkit application reference M 3 Hex    ...  Applets   ... Note:Parameters should be further categorized and added into this table tofully describe a profile. Note: Values for Status (M: Mandatory, O:Optional, C: Conditional, R: Repeatable).

The profile can include the type of a separate NAA algorithm, aparameter of the NAA algorithm, and an NAA Key value (e.g., K for USIMand K for SIM) according to each AMF value. In this case, the eUICC canexecute an NAA application program to correspond to the type of aseparate NAA algorithm, a parameter of the NAA algorithm, and an NAA Keyvalue (e.g., K for USIM and K for SIM) according to each AMF value.

FIG. 9 illustrates an AKA authentication process for performingauthentication of USIM within an eSIM profile.

The AKA authentication process can be performed when an NAA installed inthe profile corresponds to a USIM.

The NAA can be transmitted while being included in the profile or canpreviously exist in the eUICC platform.

When the NAA is included in the profile, the corresponding NAA does notimplement an f1 function, an f2 function, an f3 function, and an f4function of FIG. 9, and can be implemented to call a functionimplemented in the eUICC platform. Further, when calling the f1function, the f2 function, the f3 function, and f4 function, the eUICCcan select and use a parameter corresponding to the AMF fieldtransmitted from the UE. For example, the eUICC can select and use anauthentication encryption key (K) value according to the AMF value. Asanother example, the eUICC can use different authentication algorithmconfiguration values (e.g., r1-r5, c1-c5, etc. of an MILENAGE algorithm)according to the AMF value.

In FIG. 9, a logic for verifying whether the SQN is included in acorrect range can be downloaded while being included in profileinformation. The corresponding logic can be included in the NAAapplication program excluding the f1 function, the f2 function, the f3function, and the f4 function.

FIGS. 10 to 13 illustrate an operation of transmitting profileinformation according to an additional embodiment of the presentdisclosure.

Referring to FIG. 10, first, the profile server can configureinformation constituting the Profile in a Profile Package TLV form. Theprofile server can configure profile package information by dividing theprofile package information in an installable unit.

The Profile Package TLV includes information by which the profile can beinstalled in the eUICC after being transmitted to the eUICC of the UE.

The profile server can include the Profile Package TLV in a messagehaving an APDU form. In general, data which can be included in the APDUhas maximally the size of 255 bytes, and the Profile Package TLV has thesize of several tens of kBytes to several hundreds of Kbytes. Thus, whenthe Profile Package TLV is included in the APDU, the Profile Package TLVis included in the individual APDU in a state in which the ProfilePackage TLV is divided. The APDU can be a transmittable unit for theprofile package.

The divided APDU can be encrypted in a transmission process or aprevious step. The profile service can encrypt the profile packageinformation in a transmittable unit, and then include the encryptedprofile package information in the APDU. The profile server can transmitthe encrypted APDU or the APDU including the encrypted profile packageinformation from the PP to the PM. At this time, data can beadditionally protected using a communication channel security schemesuch as VPN and IPSEC. Further, the PP can perform a mutualauthentication process with the eUICC before transmitting APDU data tothe PM. Such a mutual authentication process will be as follow:

-   -   Perform authentication on basis of ECC authentication        certificate;    -   Generate symmetric key through ECKA process on basis of ECC        authentication certificate and then perform authentication on        basis of generated symmetric key;    -   Perform mutual authentication on basis of RSA authentication        certificate;    -   When performing mutual authentication on basis of RSA        authentication certificate, generate symmetric key and then        perform authentication on basis of generated symmetric key;    -   Encrypt generated symmetric key on basis of RSA authentication        certificate, transmit encrypted symmetric key, and then perform        mutual authentication on basis of mutual key, by PP.

The profile server can generate a TLS communication channel through TLShandshaking with the eUICC. Such TLS handshaking can be performed usingthe RSA authentication certificate or a previously-stored symmetric key.

The profile server can transmit the encrypted Profile Package TLV or thedivided and encrypted Profile Package TLV to the UE using the TLScommunication channel in a state in which the Profile Package TLV isincluded in the HTTP message. At this time, the implementation that theProfile Package TLV is transmitted while being included in the HTTPmessage merely corresponds to an example of implementation, and theProfile Package TLV can be transmitted while being included in anothercommunication protocol.

For example, the Profile Package TLV can be transmitted to a MODEM unitof the UE. The MODEM unit of the UE can transmit a received IP packet tothe eUICC in a state in which the IP packet is included in a TERMINALRESPONSE APDU message. To this end, the profile server can generate aBearer Independent Protocol channel with the eUICC using an SMS messagein advance. The SMS message can include an encrypted PUSH ADPU command.The SMS message can be transmitted from the MODEM unit of the UE to theeUICC while being included in ENVELOPE APDU, and a PUSH APDU command canbe processed after the encrypted PUSH APDU command within the SMSmessage included in the ENVELOPE message is decoded.

The eUICC can generate a BIP channel using an OPEN CHANNEL Proactivecommand after processing the PUSH APDU. The TERMINAL RESPONSE can be anAPDU command by which an IP packet stored in a reception buffer of theMODEM unit of the UE can be transmitted to the eUICC. At this time, theTERMINAL RESPONSE can be a RECEIVE DATA Proactive command transmittedfrom the eUICC. In general, since the size of data in TERMINAL RESPONSEAPDU is within 255 bytes, TERMINAL RESPONSE APDU can be transmittedseveral times in order to transmit data having a size larger than 255bytes.

The eUICC can immediately process the data transmitted by receiving theTERMINAL RESPONSE, and process received data together after receiving aplurality of TERMINAL RESPONSEs. In detail, the HTTP message can berestored by aggregating data included in the plurality of TERMINALRESPONSEs. When the HTTP is restored, the eUICC extracts encrypted APDUcommands in the body text of the HTTP message using an AID value or aTAR value in a header area, and then transmits the encrypted APDUcommand to a Security Domain, a Profile Domain, or an Applicationcorresponding to the AID value or the TAR value. Then, the SecurityDomain (or the Profile Domain or the Application) can decode and thenprocess the encrypted APDU command.

When the encrypted APDU message is included in the HTTP message, if auser wants to express the encrypted APDU message in a STRING form, theuser can use the following schemes:

-   -   Convert value, obtained by transforming APDU binary data in        hexadecimal form, into character string: In this case, 1 byte of        hexadecimal data is converted into two characters, the size of        data included in a final http message can be increased two        times;    -   APDU binary data is Base-64-encoded to be converted into        character string: In this case, the size of data can be        increased by about 33%.

As above, when the APDU command is converted in a STRING form and istransmitted, an amount of messages transmitted between the Terminal andthe eUICC is increased two times, thereby greatly increasing a timeperiod during which the profile is downloaded. Thus, it can be preferredthat the APDU command is not converted into a character string and istransmitted in a binary data form.

The eUICC decodes the received APDU. When profile package information inan installable unit is included as a result of the decoding, the eUICCcan install the profile package information in an installable unit.Remaining information excluding the information on the profile packagein an installable unit can be stored in the buffer. The eUICC canadditionally receive the APDU, and decode the APDU. The eUICC caninstall the profile package information in an installable unit using thedecoded information of the received APDU in addition to the remainingdata stored in the buffer.

Referring to FIG. 11, first, the profile server can configureinformation constituting the Profile in a Profile Package TLV form.

The Profile Package TLV includes information by which the profile can beinstalled in the eUICC after being transmitted to the eUICC.

The profile server can encrypt the Profile Package TLV as it is.Otherwise, the PP can divide the Profile Package TLV into several partsand then encrypt the same. The profile server can divide a profilepackage TLV into profile package information in an installable unitand/or a transmittable unit, and encrypt the divided profile packageinformation.

The PP can transmit the encrypted Profile Package TLV to the PM. At thistime, data can be additionally protected using a communication channelsecurity scheme such as VPN and IPSEC. Further, the PP can perform amutual authentication process with the eUICC before transmitting theencrypted Profile Package TLV to the PM. Such a mutual authenticationprocess will be as follow:

-   -   Perform authentication on basis of ECC authentication        certificate;    -   Generate symmetric key through ECKA process on basis of ECC        authentication certificate; and then perform authentication on        basis of generated symmetric key;    -   Perform mutual authentication using RSA authentication        certificate;    -   When performing mutual authentication on basis of RSA        authentication certificate, generate symmetric key, and then        perform authentication on basis of generated symmetric key;    -   Encrypt generated symmetric key using RSA authentication        certificate, transmit encrypted symmetric key, and perform        mutual authentication using transmitted symmetric key, by PP.

The PM can generate a TLS communication channel through TLS handshakingtogether with the eUICC. Such TLS handshaking can be performed using theRSA authentication certificate or a previously-stored symmetric key.

The profile server can include one APDU message or a plurality of APDUmessages in the HTTP message, and transmit the HTTP message to the UEusing the TLS communication channel. For example, the Profile PackageTLV can be transmitted to a MODEM unit of the UE. The MODEM unit of theUE can transmit a received IP packet to the eUICC in a state in whichthe IP packet is included in a TERMINAL RESPONSE APDU message. To thisend, the PM can generate a Bearer Independent Protocol channel with theeUICC using an SMS message in advance. The SMS message can include anencrypted PUSH ADPU command. The SMS message can be transmitted from theMODEM unit of the UE to the eUICC while being included in ENVELOPE APDU,and a PUSH APDU command can be processed after the encrypted PUSH APDUcommand within the SMS message included in the ENVELOPE message isdecoded. The eUICC can generate a BIP channel using an OPEN CHANNELProactive command after processing the PUSH APDU. The TERMINAL RESPONSEcan be an APDU command by which an IP packet stored in a receptionbuffer of the MODEM unit of the UE can be transmitted to the eUICC. Atthis time, the TERMINAL RESPONSE can be a RECEIVE DATA Proactive commandtransmitted from the eUICC. In general, since the size of data inTERMINAL RESPONSE APDU is within 255 bytes, TERMINAL RESPONSE APDU canbe transmitted several times in order to transmit data having a sizelarger than 255 bytes.

The eUICC can immediately process the data transmitted by receiving theTERMINAL RESPONSE, and process received data together after receiving aplurality of TERMINAL RESPONSEs. In detail, the HTTP message can berestored by aggregating data included in the plurality of TERMINALRESPONSEs. When the HTTP is restored, the eUICC can extract encryptedProfile Package TLV in the body text of the HTTP message using an AIDvalue or a TAR value in a header area, and then transmit the encryptedProfile Package TLV command to a Security Domain, a Profile Domain, oran Application corresponding to the AID value or the TAR value. Then,the Security Domain (or Profile Domain or Application) can decode theencrypted Profile Package TLV, and then install the profile using thedecoded Profile Package TL.

When the Profile Package TLV is included in the HTTP message, if a userwants to express the Profile Package TLV in a STRING form, the user canuse the following schemes:

-   -   Convert value, obtained by transforming APDU binary data in        hexadecimal form, into character string: In this case, 1 byte of        hexadecimal data is converted into two characters, and thus,        size of data finally included in http message can be increased        two times;    -   APDU binary data is Base64-encoded to be converted into        character string: In this case, size of data can be increased by        33%.

As above, when the Profile Package TLV is converted in a STRING form andis transmitted, an amount of messages transmitted between the UE and theeUICC is increased two times, thereby greatly increasing a time periodduring which the profile is downloaded. Thus, it can be preferred thatthe Profile Package TLV is not converted into a character string and istransmitted in a binary data form.

Referring to FIG. 12, first, the profile server can configureinformation constituting the Profile in an APDU form. The APDU can be atransmittable unit of a profile package and can include the profilepackage information in an installable unit.

The PP can encrypt the APDU in a transmission process or a previousstep. The profile service can encrypt the profile package information ina transmittable unit, and then include the encrypted profile packageinformation in the APDU. The profile server can transmit the encryptedAPDU or the APDU including the encrypted profile package informationfrom the PP to the PM. At this time, data can be additionally protectedusing a communication channel security scheme such as VPN and IPSEC.Further, the PP can perform a mutual authentication process with theeUICC before transmitting APDU data to the PM. Such a mutualauthentication process will be as follow:

-   -   Perform authentication on basis of ECC authentication        certificate;    -   Generate symmetric key through ECKA process on basis of ECC        authentication certificate, and then perform authentication on        basis of generated symmetric key;    -   Perform mutual authentication using RSA authentication        certificate;    -   When performing mutual authentication on basis of RSA        authentication certificate, generate symmetric key, and then        perform authentication on basis of generated symmetric key;    -   Encrypt generated symmetric key using RSA authentication        certificate, transmit encrypted symmetric key, and then perform        mutual authentication using transmitted symmetric key, by PP.

The profile server can generate a TLS communication channel through TLShandshaking together with the eUICC. Such TLS handshaking can beperformed using the RSA authentication certificate or apreviously-stored symmetric key.

The PM can transmit encrypted APDUs to an AP of the UE. When the PMdirectly communicates with the eUICC, a probability that thecommunication succeeds can be lowered, and thus, data is stablydownloaded to the AP of the UE through high speed communication such as3G communication or LTE communication, and the APDU message is thentransmitted from the AP of the UE to the eUICC via a MODEM or directly.

In this case, since an ETSI TS 102.226 Remote Application Management(RAM) application or a Remote File Management (RFM) application cannotprocess the message to be transmitted to the UE, a dedicated profileinstallation application for processing the message received from the UEand installing a file system and an application is separately needed inthe eUICC. For convenience, the APDU for installing the profile can be aProfile Download message. A header of the Profile Download message caninclude a CLA byte, an INS byte, a P1 byte, and a P2 byte.

Further, the UE can transmit a Profile Download APDU or another APDUmessage to the eUICC before transmitting the APDU including the profileinformation, and transmit the APDU to the eUICC in a state in which theAPDU includes information on which Security Domain or Profile Domain orApplication the APDU including the profile information is processed by.Further, the APDU message can transmit the profile using a logicalchannel of a value different from 0 using the CLA byte even when anotherapplication program exists in the eUICC.

Meanwhile, the UE can transmit the profile information to the eUICCusing the Profile Download APDU, and then additionally transmit aseparate APDU command to the eUICC, thereby installing the profile.

In the above method, since the APDU is not transmitted while beingincluded in the HTTP message, it is unnecessary to convert the APDUcommand into a character string, and since the APDU message having abinary form is directly transmitted, an efficiency thereof is increasedby 33%-100%.

Referring to FIG. 13, first, the profile server can generate and thenencrypt a Profile Package TLV including information constituting theProfile. Further, the Profile Package TLV can be encrypted in a state inwhich the Profile Package TLV is divided in a specific size. The profileserver can divide and generate the generated profile package informationinto a plurality of pieces of profile package information in aninstallable unit. Further, the profile server can encrypt the profilepackage information in an encryptable unit, which includes the profilepackage information in an installable unit.

Further, the profile server can encrypt the Profile Package TLV in atransmission process or a previous step.

The profile server can transmit the encrypted Profile Package TLV fromthe PP to the PM. At this time, data can be additionally protected usinga communication channel security scheme such as VPN and IPSEC. Further,the PP can perform a mutual authentication process with the eUICC beforetransmitting the Profile Package TLV to the PM. Such a mutualauthentication process will be as follow:

-   -   Perform authentication on basis of ECC authentication        certificate;    -   Generate symmetric key through ECKA process on basis of ECC        authentication certificate, and then perform authentication on        basis of generated symmetric key;    -   Perform mutual authentication using RSA authentication        certificate;    -   When performing mutual authentication on basis of RSA        authentication certificate, generate symmetric key, and then        perform authentication on basis of generated symmetric key;    -   Encrypt generated symmetric key using RSA authentication        certificate, transmit encrypted symmetric key, and then perform        mutual authentication using transmitted symmetric key, by PP.

The profile server can transmit the encrypted Profile Package TLV to anAP of the UE. At this time, the profile server can transmit the ProfilePackage TLV in a state in which the Profile Package TLV is divided intoAPDUs, or can transmit the Profile Package TLV using an applicationprotocol. An example of the Application Protocol can correspond to anHTTP protocol. When the profile server directly communicates with theeUICC, a probability that the communication succeeds can be lowered, andthus, data is stably downloaded to the AP of the UE through high speedcommunication such as 3G communication or LTE communication, and theAPDU message is then transmitted from the AP of the UE to the eUICC viaa MODEM or directly.

In this case, since an ETSI TS 102.226 Remote Application Management(RAM) application or a Remote File Management (RFM) application cannotprocess the message to be transmitted to the UE, a dedicated profileinstallation application for processing the message received from the UEand installing a file system and an application is separately needed inthe eUICC. For convenience, the APDU for installing the profile can be aProfile Download message. A header of the Profile Download message caninclude a CLA byte, an INS byte, a P1 byte, and a P2 byte.

Further, the UE can transmit a Profile Download APDU or another APDUmessage to the eUICC before transmitting the APDU including the profileinformation, and transmit the APDU to the eUICC in a state in which theAPDU includes information on which Security Domain or Profile Domain orApplication the APDU including the profile information is processed by.Further, the APDU message can transmit the profile using a logicalchannel of a value different from 0 using the CLA byte even when anotherapplication program exists in the eUICC.

Meanwhile, the UE can transmit the profile information to the eUICCusing the Profile Download APDU, and then additionally transmit aseparate APDU command to the eUICC, thereby installing the profile.

In the above method, since the APDU is not transmitted while beingincluded in the HTTP message, it is unnecessary to convert the APDUcommand into a character string, and since the APDU message having abinary form is directly transmitted, an efficiency thereof is increasedby 33%-100%.

FIG. 14 illustrates a process of generating and installing a profile ofan eUICC according to an embodiment of the present invention.

Referring to FIG. 14, in operation 1450, a Mobile Network Operator (MNO)1410 can request an SM-DP 1420 to prepare a large amount of profilesbefore the profiles are installed in a specific UE 1440. In operation1455, the SM-DP 1420 can generate and store a profile. At this time, theSM-DP 1420 can previously generate the profiles, store a profile ID(e.g., an ICCID), an IMSI, a K, and an OPc value, and provide the sameto the MNO 1410. Then, the MNO 1410 can store the correspondinginformation even in an MNO server. Thereafter, the MNO 1410 can requestthe SM-DP 1420 to download one profile among the profiles to thespecific eUICC. In this case, the MNO 1410 can transmit, to the SM-DP1420, an EID value by which the specific eUICC can be classified and aprofile ID or an ICCID value by which the profile can be classified.Further, the MNO 1410 can update a data value or configurationinformation of the MNO server to allow access of the UE 1440 whichrequests a network access using the corresponding profile, using IMSI, aK value, an OPc value stored in the MNO server. The informationtransmitted by the MNO 1410 to the SM-DP 1420 can be transmitted in aform of the HTTP message or the SOAP message.

Thereafter, the SM-DP 1420 can install the profile in the eUICC throughthe process of downloading a profile as described in each embodiment ofthe present disclosure. The profile package can be transmitted to the UE1440 on the basis of operation 1460 and operation 1465. The eUICC of theUE can install the received profile package. The above method is similarto a procedure of previously preparing the existing UICC card byallowing the MNO 1410 to order the existing UICC card from an SIMmanufacturer and providing the UICC card to a customer, therebyproviding a service. Meanwhile, unlike a physical SIM, an eSIM Profilecan be remotely downloaded, and thus, it can be efficient to notpreviously mass-product a profile and transmit information in real-time.For example, when the MNO 1410 should interwork with a plurality ofSM-DPs 1420, it is better that, when the profile is downloaded to anindividual eUICC as illustrated in FIG. 15, the profile is produced bytransmitting necessary information, as compared with a case whereprofiles are previously produced in a plurality of SM-DPs.

Referring to FIG. 15, in operation 1550, the MNO 1510 can transmit aProfile downloading request message to the SM-DP 1520, and the Profiledownloading request message can include IMSI, a K value, and an OPcvalue in addition to an EID and a profile ID (e.g., an ICCID).

In operation 1555, the SM-DP 1520 can generate a profile in real-time orat a configured time using the information to download the profile inreal-time or at the configured time. An example relating to the MNOserver and the SM-DP 1520 can correspond to a case where the operatingmethod of FIG. 6 and the operating method of FIG. 7 are mixedly used. Asan example, the SM-DP 1520 can generate a profile using thecorresponding information and download the profile when the Profiledownloading request message received from the MNO 1510 includes IMSI, aK value, and an OPc value, identify whether there is apreviously-generated profile corresponding to the ICCID or the profileID when the Profile downloading request message received from the MNOdoes not include IMSI, a K value, and an OPc value and includes only aEID value and an ICCID value, and download a profile using thecorresponding profile when it is identified that there is the profile.Thus, in preparation for the massive release of specific UEs, a profileis produced and downloaded in advance, or else, the profile isdownloaded in real-time. As above, two types of profile informationtransfer schemes can be used independently of each other, and can beselectively operated according to a situation. On the basis of operation1560 and operation 1565, the profile package can be transmitted to theUE 1540. The eUICC of the UE 1540 can install the received profilepackage.

FIGS. 16A and 16B illustrate a process of transmitting and installing aneUICC profile according to another embodiment of the present disclosure.

Referring to FIGS. 16A and 16B, in order to install a profile, a profileserver 1610 and a UE 1620 can be provided, and an eUICC 1625, which isincluded in or can be coupled to the UE, can be provided.

In operation 1650, the profile server 1610 can prepare a profilepackage. The profile server 1610 can generate a profile package. Theprofile package can have a TLV form. The profile package having a TLVform can be named a profile package TLV.

In operation 1655, the profile server 1610 can divide the preparedprofile package into information in an installable unit. The profileserver 1610 can prepare a profile package, divide the profile packageinformation in an installable unit, and can divisionally generate theprofile package information in an installable unit when generating theprofile package. The information in an installable unit, which isinformation configured to be installed in the eUICC 1625 even though theentire profile package is not transmitted to the eUICC 1625 when theinformation in an installable unit is transmitted to the eUICC 1625, canimply a part of information of the entire profile package.

In operation 1660, the profile server 1610 can configure, in anencryptable unit, the information divided in an installable unit. Theencryptable unit can be a predetermined size. The profile server canreconfigure a profile package, configured by m pieces of information inan installable unit, as n pieces of information in an encryptable unit.The n and the m can be equal to each other or can be different from eachother. With regard to data generated during encrypting for eachencryptable unit, an integrity guarantee data for an encryptable unitcan be added to data obtained by encrypting an encryptable data. Theintegrity guarantee data can be a Message Authentication Code.

In operation 1665, the profile server 1610 can encrypt the informationreconfigured in an encryptable unit.

In operation 1670, the profile server 1610 can transmit the encryptedinformation in an encryptable unit to the electronic device 1620. Theelectronic device can download n pieces of the encrypted information.The profile server 1610 can divide the encrypted information intoinformation in a transmittable unit and transmit the divided informationto the electronic device 1620. At this time, the transmittable unit cancorrespond to a size in which the electronic device having received theprofile package can transmit the received profile package to a UICC ofthe electronic device 1620.

In operation 1675, the electronic device 1620 can transmit the receivedprofile package information to the eUICC 1625 embedded therein orcoupled thereto. The electronic device 1620 can divide the receivedinformation into information in a transmittable unit and transmit thedivided information to the eUICC 1625. When the profile server 1610divides and transmits the information in a transmittable unit, thereceived information can be transmitted to the eUICC 1625 as it is.

In operation 1680, the eUICC 1625 can receive the profile packageinformation divided and encrypted in a transmittable unit. The eUICC1625 can combine the profile package information, divided in atransmittable unit, in an encryptable or decodable unit. The encryptableunit and the decodable unit can be identical to each other. That is, theeUICC 1625 can decode the information divided in a transmittable unit bycombining the information with the profile package information in anencryptable unit before the division.

In operation 1685, the eUICC 1625 can decode the profile packageinformation, combined in an encryptable unit. In order to install aprofile in the eUICC 1625, the profile server and the electronic deviceor the eUICC 1625 can perform a mutual authentication process for keyagreement. The profile package information can include a parameternecessary for generating an encryption key used to decode the profilepackage information encrypted by the eUICC. The eUICC can extract aparameter necessary for generating an encryption key from the profilepackage information, generate the encryption key on the basis of theextracted parameter, and then perform a decoding operation using thegenerated encryption key.

In operation 1690, the eUICC 1625 can identify the decoded profilepackage information as information in an installable unit and combinethe identified information. The eUICC 1625 can decode the encryptedinformation and combine the decoded information with the informationstored in the buffer, thereby acquiring profile package information inan installable unit.

In operation 1695, the eUICC 1625 stores, in the buffer, remaininginformation except for the profile package information in an installableunit. The information stored in the buffer can be used for acquiringprofile package information in an installable unit by combing theinformation stored in the buffer and information to be decoded later.

In operation 1697, the eUICC 1625 can start to install the profilepackage information in an installable unit. In the above method, theeUICC 1625 can firstly start to install profile package informationearlier acquired in an installable unit.

When a profile package is not completely installed, the process proceedsto operation 1675 and repeats the above operation. For example, when theelectronic device 1620 receives n pieces of encrypted information fromthe profile server 1610, the process can repeatedly perform operation1675 to operation 1697 n times. Meanwhile, the eUICC 1625 can shorten aprofile installation time by performing operation 1675 to operation 1697in parallel. In operation 1675 to operation 1697, the eUICC 1625receives the profile package information divided in a transmittable unitand combines the received information to information in an encryptableunit. The combined information in an encryptable unit can be decoded andthe profile can be installed for each installable unit. Even whileoperation 1675 to operation 1697 are performed, operation 1675 tooperation 1697 with regard to newly-received information can beperformed in parallel. That is, after operation 1675 to operation 1697with regard to specific kth information are performed, operation 1675 tooperation 1697 with regard to (k+1)th information can be performed.Further, while operation 1675 to operation 1697 with regard to specifickth information are performed, operation 1675 to operation 1697 withregard to (k+1)th information can be performed.

Meanwhile, an operation of the parallel process can be controlledaccording to an amount of information stored in the buffer. For example,when the amount of information stored in the buffer is equal to orlarger than a predetermined value, in the parallel process, a decodingoperation is terminated and the profile package information in aninstallable unit, which is being processed in the buffer, ispreferentially performed, so that a buffer value can be reduced. Whenthe buffer value is lowered, the decoding operation is restarted, sothat a system can be efficiently operated. Without terminating theparallel process, a control can be performed to make a decoding speedslower, and make an installation speed for the profile packageinformation in an installable unit faster. The above operation cancontrol the parallel process as described above when the profile packageinformation in an installable unit, stored in the buffer, exceeds apredetermined threshold value. That is, the decoding operation isterminated or the decoding speed is made to be slower until the buffervalue (the amount of information stored in the buffer) becomes equal toor lower than a predetermined reference value.

FIG. 17 illustrates a profile server according to an embodiment of thepresent disclosure.

Referring to FIG. 17, a profile server 1700 can include atransmission/reception unit 1710 that receives a signal from anothernode or transmits a signal to another node, a controller 1730 thatcontrols an overall operation of the profile server, and a storage unit1720 that stores a profile and information on the profile.

According to an embodiment of the present disclosure, the controller1730 can make a control to generate a profile package, divide theprofile package in a unit installable in a UICC of an electronic device,reconfigure the divided profile information in an encryptable unit, andtransmit the reconfigured profile information to the electronic device.

Further, the controller 1730 can make a control to encrypt the profileinformation in an encryptable unit.

The profile package can be configured by n pieces of profile informationdivided in an installable unit, and the n pieces of profile informationcan be reconfigured as m pieces of profile information in an encryptableunit. Further, the profile package can have a TLV form.

The controller 1730 can control an operation of the profile serveraccording to an embodiment of the present disclosure as describedthrough FIGS. 1 to 15.

FIG. 18 illustrates an electronic device according to an embodiment ofthe present disclosure.

Referring to FIG. 18, an electronic device 1800 can include atransmission/reception unit 1810 that receives a signal from anothernode and transmits a signal to another node, and a controller thatcontrols an overall operation of the electronic device 1800. Further,the electronic device 1800 can include a UICC 1820 that downloads aprofile from a profile server and installs the downloaded profile. Thecontroller 1830 can control an operation of the UICC 1820. Theelectronic device 1800 can be a UE. The UICC 1820 can include aprocessor or a controller for installing a profile in the UICC.

The controller 1830 can make a control to receive first profileinformation in an encryptable unit, which constitutes a profile package,from the profile server, and transmit the first profile information inan encryptable unit to the UICC of the electronic device. The processorcan make a control to decode the first profile information in anencryptable unit, transmitted to the UICC, acquire first profileinformation in an installable unit from the decoded profile information,and install the acquired first profile information in an installableunit.

Further, the processor can make a control to store, in a buffer,remaining profile information excluding the profile information in aninstallable unit from among the decoded profile information.

Further, the processor can make a control to receive second profileinformation in an encryptable unit, which constitutes the profilepackage, from the profile server, transmit the second profileinformation in an encryptable unit to the UICC of the electronic device,decode the second profile information in an encryptable unit,transmitted to the UICC, acquire second profile information in aninstallable unit on the basis of the remaining profile informationstored in the buffer and the decoded second profile information, installthe acquired second profile information in an installable unit, andstore, in the buffer, remaining profile information from among thesecond profile information in an encryptable unit.

Further, the controller 1830 can make a control to divide the firstprofile information in a transmittable unit and transit the dividedfirst profile information to the UICC. The processor can make a controlto combine the information divided in a transmittable unit to the firstprofile information in an encryptable unit and decode the combinedinformation.

The profile package can be configured by the profile information in aunit installable in the UICC, and the profile information in anencryptable unit can be reconfigured as profile information divided in aunit installable in the UICC. The profile package can be encryptedaccording to each profile information in a transmittable unit andtransmitted from the profile server to the electronic device. Theprofile package can have a TLV form.

The controller 1830 can control an operation of the electronic device(or eUICC) according to an embodiment of the present disclosure asdescribed through FIGS. 1 to 16. Further, the processor can control anoperation of the eUICC according to an embodiment of the presentdisclosure as described through FIGS. 1 to 16.

The controller 1830 can control an operation of the processor of theeUICC 1820 and can be implemented to perform an operation of theprocessor.

In the above-described embodiment of the present disclosure, componentsincluded in the present disclosure are expressed as a singular form or aplural form according to the presented detailed embodiment. However, forconvenience of description, the singular expression or the pluralexpression has been selected to be suitable only for the presentedsituation, the present disclosure is not limited to a singular or pluralcomponent, components expressed by the plural form can be configured asa singular component, and a component expressed by the singular form canbe configured as plural components.

Although the present disclosure has been described with an exemplaryembodiment, various changes and modifications may be suggested to oneskilled in the art. It is intended that the present disclosure encompasssuch changes and modifications as fall within the scope of the appendedclaims.

What is claimed is:
 1. A method of providing a profile package by aprofile server, the method comprising: generating a profile packageincluding a plurality of profile elements, wherein each profile elementis to be processed in a universal integrated circuit card (UICC) of anelectronic device independently from other profile elements; splittingthe profile package into a plurality of segments; generating anencrypted profile package including the plurality of segments that areencrypted; and transmitting the encrypted profile package to theelectronic device.
 2. The method of claim 1, wherein the profile packageis split into n pieces of profile elements, and the n pieces of theplurality of profile elements are configured into m pieces of theplurality of segments, wherein m and n are positive integers,respectively.
 3. The method of claim 1, wherein an encryption key forencrypting each of the plurality of segments is transmitted to theelectronic device with the encrypted profile package.
 4. The method ofclaim 1, wherein the profile package is in a tag length value (TLV) formand the profile package consists of a sequence of profile element TLVs.5. A profile server for providing a profile package, the profile servercomprising: a transceiver configured to transmit or receive a signal;and a controller configured to: generate a profile package including aplurality of profile elements, wherein each of the profile element is tobe processed in a universal integrated circuit card (UICC), of anelectronic device independently from other profile elements, split theprofile package into a plurality of segments, generate an encryptedprofile package including the plurality of segments that are encrypted,and transmit the encrypted profile package to the electronic device. 6.The profile server of claim 5, wherein the profile package is split inton pieces of profile elements, and the n pieces of the plurality ofprofile elements are configured as m pieces of the plurality ofsegments, wherein m and n are positive integers, respectively.
 7. Theprofile server of claim 5, wherein an encryption key for encrypting eachof the plurality of segments is transmitted to the electronic devicewith the encrypted profile package.
 8. The profile server of claim 5,wherein the profile package is in a tag length value (TLV) form and theprofile package consists of a sequence of profile element TLVs.
 9. Amethod for downloading a profile package by an electronic device, themethod comprising: receiving, from a profile server, an encryptedprofile package including a plurality of segments that are generatedbased on at least one profile element; generating a plurality of dataunits from the encrypted profile package; transferring the plurality ofdata units to a universal integrated circuit card (UICC) of theelectronic device; generating a plurality of profile elements from theplurality of data units, wherein each profile element is to be processedindependently from other profile elements; and installing the pluralityof profile elements in the UICC.
 10. The method of claim 9, furthercomprising: storing, in a buffer, remaining information included in adata unit except information on a profile element installed in the UICC.11. The method of claim 9, further comprising: generating at least onesegments from the plurality of data units in the UICC; and decoding theat least one segment; wherein a profile element among the plurality ofprofile elements is generated based on the decoded at least one segment.12. The method of claim 9, wherein the plurality of data units aregenerated by dividing the encrypted profile package by a transferableformat, and wherein the divided plurality of data units are combined tobe in an encryptable format.
 13. The method of claim 9, wherein a formatof the plurality of data units is application protocol data unit (APDU).14. The method of claim 9, wherein an encryption key is received withthe encrypted profile package.
 15. The method of claim 9, wherein eachof the plurality of profile elements is in a tag length value (TLV)form.
 16. An electronic device for downloading a profile package, theelectronic device comprising: a transceiver configured to transmit andreceive a signal; a controller configured to: receive, from a profileserver, an encrypted profile package including a plurality of segmentsthat are generated based on at least one profile element, generate aplurality of data units from the encrypted profile package, and transferthe plurality of data units to a universal integrated circuit card(UICC) of the electronic device; and the UICC configured to: generate aplurality of profile elements from the plurality of data units, whereineach profile element is to be processed independently from other profileelements, and install the plurality of profile elements in the UICC. 17.The electronic device of claim 16, wherein the UICC is configured tostore, in a buffer, remaining information included in a data unit exceptinformation on a profile element installed in the UICC.
 18. Theelectronic device of claim 16, wherein the UICC is configured togenerate at least one segments from the plurality of data units in theUICC, and decode the at least one segment, wherein a profile elementamong the plurality of profile elements is generated based on thedecoded at least one segment.
 19. The electronic device of claim 16,wherein the plurality of data units are generated by dividing theencrypted profile package by a transferable format, and wherein thedivided plurality of data units are combined to be in an encryptableformat.
 20. The electronic device of claim 16, wherein a format of theplurality of data units is application protocol data unit (APDU). 21.The electronic device of claim 16, wherein an encryption key is receivedwith the encrypted profile package.
 22. The electronic device of claim16, wherein each of the plurality of profile elements is in a tag lengthvalue (TLV) form.